Proactive efforts

Our proactive approach to the security of your digital media creation and digital marketing efforts extends to every corner of Adobe, from product inception through delivery — and each time you use an Adobe product or service. An integral part of the development of every Adobe product and service, the Adobe Secure Product Lifecycle (SPLC) helps protect the security of your information.

A dedicated team of industry-leading experts in building, deploying, and monitoring secure applications and services, the Adobe Secure Software Engineering Team (ASSET) works with individual Adobe product security and operations teams to help achieve the highest level of security for all Adobe products and services.

ASSET experts act as consultants to development teams to advise on security best practices for clear, repeatable, and cross-functional processes for development, deployment, operations, and incident response. The team uses industry-standard benchmarks and reporting dashboards to constantly measure and convey progress in a variety of key areas. ASSET experts also maintain ties with the security community, exchanging information by collaborating with other organizations.

Integrated into every stage of the product lifecycle — from design and development to quality assurance, testing, and deployment — the Adobe Secure Product Lifecycle (SPLC) is a rigorous set of more than 80 software development best practices, processes, and tools designed to help keep your information safe when you use Adobe products and services. Implemented by Adobe’s dedicated security and incident response teams and complemented by continuous community engagement, the Adobe SPLC evolves to stay current as technology, security practices, and the threat landscape change.

Best practices, processes, and tools

The Adobe SPLC includes the following:

Security training and certification for all product teams

Product health, risk, and threat landscape analysis

Secure coding guidelines, rules, and analysis

Comprehensive security architecture review and penetration testing

Source code reviews to eliminate known flaws that could lead to vulnerabilities

ASSET Certification Program

The Adobe Secure Software Engineering Team (ASSET) conducts ongoing security training within development teams to enhance security knowledge throughout the company and improve the overall security of our products and services. Employees participating in the ASSET Certification Program attain different certification levels by completing security projects. The program has four levels, each designated by a colored “belt”: white, green, brown, and black. The white and green levels are achieved by completing computer-based training. The higher brown and black belt levels require hands-on security coding experience. Employees who attain brown and black belts become security champions and experts within their product teams.

Black — Recognizes the highest level of hands-on security expertise within Adobe product teams across the company

Your Adobe ID is your key to access most Adobe products and services and participate in the thriving Adobe online community. Protecting this ID is of critical importance to us, and we strive to meet stringent industry best practices for user credential management.

Authentication/authorization

Through strong authentication and authorization processes, we help ensure that only authorized Adobe ID holders can use and access Adobe cloud-based services. For services using Adobe IDs, Adobe leverages the SHA 256 hash algorithm in combination with password salts and a large number of hash iterations. As part of Adobe’s commitment to industry best practices, we continually work with our development teams to implement new protections based on evolving authentication standards.

Suspicious activity monitoring

Adobe continually monitors Adobe ID accounts for unusual or anomalous account activity and regularly receives information from trusted third parties, including security partners and customers, about suspicious activity. We use this information to help you quickly mitigate immediate and future threats to the security of your Adobe ID account. What’s more, we provide this information back to our product operation and development teams, helping to improve protections.